The Current State of Phishing Attacks

Zulfikar Ramzan, Symantec

Phishing is the act of sending a user a fake email that appears to
originate from a legitimate institution with which the user transacts (e.g.,
their bank, credit card company, etc.). The email directs the user to a
spoofed web site and asks for sensitive information (e.g.,
usernames/passwords, credit card numbers, bank account numbers, social
security numbers, etc.); in the hands of a malicious party, this
sensitive information is very dangerous. While it used to be easy to tell
a phishing attempt apart from a legitimate email, phishers have started
using techniques of ever-increasing sophistication. As a result, phishing
has catapulted into a major component of the new threat landscape.

This talk will survey the current state of phishing attacks, leveraging
real-world data obtained through Symantec's data collection fabric. We will
describe: